Cisco Systems Network Card G01028 1E User Manual

eTrust™ Agent for Cisco Network  
Admission Control (NAC)  
Installation Guide  
r1  
G01028-1E  
 
 
Chapter 1: Overview  
This chapter provides a brief description of how the eTrust Agent for Cisco  
Network Admission Control (NAC) works and lists the Computer Associates  
applications that are currently NAC-enabled. In addition, this chapter describes  
system requirements and product components.  
Note: This document assumes that Cisco NAC is fully installed and running in  
your network environment. For information about Cisco NAC, refer to the  
following Cisco documents:  
Network Admission Control (NAC) home page:  
NAC User Guide for Cisco Secure ACS 3.3  
NAC Attribute Management  
How the eTrust Agent for Cisco NAC Works  
The eTrust Agent for Cisco NAC discovers the posture attributes for Computer  
Associates applications on an end-point device that attempts to access or use  
resources on a network administered with Cisco NAC. The Cisco Trust Agent  
(CTA), also located on the end-point device, passes the posture attributes to a  
Cisco Access Control Server (ACS). The ACS compares the posture attributes  
with a set of policies previously defined by a network administrator. Based on  
the results of the comparison, the end-point device may either be granted full  
primary network access or placed into a separate virtual network, where the  
device can go through a remediation process before it is allowed to connect to the  
primary network.  
Computer Associates NAC-Enabled Applications  
The following Computer Associates applications are NAC-enabled:  
InoculateIT 6  
eTrust Antivirus r6, r7, r7.x  
eTrust PestPatrol Anti-Spyware r5  
eTrust PestPatrol Anti-Spyware Corporate Edition r5  
The eTrust Agent for Cisco NAC discovers the posture attributes of these  
applications if they exist on an end-point device.  
System Requirements  
An end-point device running the eTrust Agent for Cisco NAC requires the  
following:  
System Components  
Pentium-class processor  
Network connection  
Operating System  
English version of:  
Windows NT, with Service Pack 6  
Windows 2000  
Windows XP Professional  
Hard Disk Space  
20 MB  
Memory  
128 MB for Windows NT and Windows 2000  
256 MB for Windows XP  
Software  
Cisco Trust Agent 1.0  
Product Components  
The eTrust Agent for Cisco NAC consists of the following components:  
cai-pp.txt  
The cai-pp.txt file contains information for Computer Associates applications  
in the form of attribute/value pairs. You use this file with the CSUtil.exe  
program to add the Computer Associates product attribute definitions to the  
Cisco Secure ACS NAC database.  
cai-pp.dll  
The cai-pp.dll file is the eTrust Agent for NAC, which discovers the posture  
attributes of Computer Associates applications running on an end-point  
device. You use the CAPPInstall.exe program to install the plug-in on an  
end-point device.  
cai-pp.inf  
The cai-pp.inf file contains the eTrust Agent attribute definitions. The Cisco  
Trust Agent uses this file to communicate Computer Associates product  
attributes to the Cisco Secure ACS database.  
 
 
 
Chapter 2: Setting Up eTrust Agent for  
Cisco NAC  
This chapter contains procedures for setting up eTrust Agent for Cisco NAC. The  
setup process includes:  
Adding Computer Associates attributes to the Cisco Secure ACS NAC  
database  
Installing the Cisco Trust Agent on all end-point devices  
Installing the eTrust Agent for Cisco NAC on all end-point devices  
Verifying the installation  
Note: The procedures in this chapter assume Cisco NAC is currently running in  
your network environment and is administered with Cisco Secure ACS 3.3.  
Add Computer Associates Attributes to the NAC Database  
Before you can define policies for Computer Associates posture attributes, you  
must first add the attribute/value pairs to the Cisco Secure ACS NAC database.  
Note: The following procedure assumes Cisco Secure ACS 3.3 is installed at:  
C:\Program Files\CiscoSecure ACS v3.3  
To add Computer Associates attributes to the Cisco Secure ACS NAC database,  
follow these steps:  
1. Go to the Computer Associates SupportConnect website,  
http://supportconnect.ca.com, and locate the eTrust Agent for Cisco NAC.  
2. Download the eTrust Agent for Cisco NAC to a system typically used for  
network management tasks.  
3. Extract the contents of the downloaded zip file to a temporary directory,  
such as C:\Temp.  
4. On the Cisco Secure ACS 3.3 for Windows system, copy the file cai-pp.txt to:  
C:\Program Files\CiscoSecure ACS v3.3\Utils  
The cai-pp.txt file contains the attribute/value pairs for NAC-enabled  
Computer Associates applications.  
5. From the C:\Program Files\CiscoSecure ACS v3.3\Utils directory, run the  
following command:  
CSUtil.exe -addavp cai-pp.txt  
The CSUtil.exe program adds the attribute/value pairs to the Cisco Secure  
ACS NAC database.  
Use the Cisco Secure ACS user interface to configure policies for Computer  
Associates products. For instructions, refer to the Cisco document NAC User  
Guide for Cisco Secure ACS 3.3.  
Install the Cisco Trust Agent  
Install the Cisco Trust Agent on all end-point devices, such as desktop  
computers, workstations, laptops, and servers that connect to or use network  
resources. Download and install the Cisco Trust Agent 1.0 from the Cisco  
Install the eTrust Agent for Cisco NAC  
Install the eTrust Agent for Cisco NAC on all end-point devices, such as desktop  
computers, workstations, laptops, and servers that connect to or use network  
resources.  
To install the eTrust Agent for Cisco NAC on an end-point device, follow these  
steps:  
1. From the directory to which you downloaded the eTrust Agent for Cisco NAC,  
distribute CAPPInstall.exe to all end-point devices.  
2. Run the following command to silently install the eTrust Agent for NAC on  
the end-point device:  
CAPPInstall.exe -silent  
The files cai-pp.dll and cai-pp.inf are installed in  
%CommonProgramFiles%\Cisco Systems\CiscoTrustAgent\Plugins\Install.  
The next time the Cisco Trust Agent runs, these files are automatically  
moved up one directory level to \Plugins.  
Verify the Installation  
Use Cisco Secure ACS to verify that the Computer Associates attributes have  
been installed. For instructions, refer to the Cisco document NAC User Guide for  
Cisco Secure ACS 3.3.  
To verify the installation of the eTrust Agent for Cisco NAC on an individual  
end-point device, restart the device and check that the following files exist in  
%CommonProgramFiles%\Cisco Systems\CiscoTrustAgent\Plugins:  
cai-pp.dll  
cai-pp.inf  
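
An added example, not part of the original guide or of the Computer Associates or Cisco software: a Python check that tells a plug-in still waiting in the Install subdirectory apart from one the Cisco Trust Agent has already moved into Plugins. It assumes Python 3 is available on the device being checked; the function names and state names are this example's own.

```python
import os
from pathlib import Path

# File names installed by CAPPInstall.exe, as listed in this guide.
PLUGIN_FILES = ("cai-pp.dll", "cai-pp.inf")


def default_plugins_dir():
    """Plugins directory from the install step of this guide, on the local host."""
    common = os.environ.get("CommonProgramFiles", r"C:\Program Files\Common Files")
    return Path(common) / "Cisco Systems" / "CiscoTrustAgent" / "Plugins"


def plugin_state(plugins_dir):
    """Classify the eTrust Agent plug-in installation under plugins_dir.

    active  - both files are in Plugins, the state the guide says to check for
    staged  - both files are still in Plugins/Install, so the Cisco Trust
              Agent has not run since CAPPInstall.exe was executed
    partial - only some of the files were found; treat as a failed install
    missing - neither file was found in either directory
    """
    plugins_dir = Path(plugins_dir)
    staging_dir = plugins_dir / "Install"
    expected = set(PLUGIN_FILES)
    in_final = {name for name in PLUGIN_FILES if (plugins_dir / name).is_file()}
    in_staging = {name for name in PLUGIN_FILES if (staging_dir / name).is_file()}

    if in_final == expected:
        return "active"
    if in_staging == expected and not in_final:
        return "staged"
    if in_final or in_staging:
        return "partial"
    return "missing"


if __name__ == "__main__":
    print(plugin_state(default_plugins_dir()))
```

A result of "staged" after a restart means the Cisco Trust Agent did not pick up the plug-in, which is worth checking before looking at ACS policies.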
For further assistance, see the Computer Associates SupportConnect website at  
additional information or contact a Customer Support representative.  
Appendix A: Computer Associates  
Attribute Information  
This appendix contains the attribute information for Computer Associates  
applications that are NAC-enabled. For information on how to manage NAC  
attributes, refer to the Cisco document NAC Attribute Management.  
Application Types  
The Cisco Trust Agent uses a Cisco-defined application type to uniquely identify  
and report posture attributes of NAC-enabled products from a single vendor.  
The following types apply to Computer Associates products:  
Application                        Type  
eTrust Antivirus                   3  
eTrust PestPatrol Anti-Spyware     6  
eTrust Antivirus Attributes  
Cisco has defined eight standard NAC attributes for anti-virus applications. The  
eTrust Agent for Cisco NAC supports the reporting of these eight anti-virus  
attributes to the Cisco Secure ACS NAC database as follows:  
Software-Name  
The product name: eTrust Antivirus  
Software-ID  
The product ID as defined by Computer Associates: 1  
Version  
The product version number, as displayed in the eTrust Antivirus Version  
Information dialog  
Scan-Engine-Version  
The version of the currently active Realtime scan engine, as displayed in the  
Details for area of the eTrust Antivirus Version Information dialog  
DAT-Version  
The signature version of the currently active Realtime scan engine, as  
displayed in the Engine Information area of the eTrust Antivirus Version  
Information dialog  
DAT-Date  
The date and time the currently active Realtime scan engine was last  
updated, as displayed in the Engine Information area of the eTrust Antivirus  
Version Information dialog  
Note: The Last Update date/time provides a more accurate representation of  
the device’s posture than the Build Date of the virus signatures.  
Protection-Enabled  
Current status of Realtime Monitor: 1 if enabled, 0 if disabled  
Action  
A hexadecimal string that represents how infected files are treated by the  
Realtime scanner:  
00000000 – Report only  
00000001 – Cure  
00000002 – Rename  
00000003 – Delete  
00000004 – Move  
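
An added example, not Cisco Secure ACS policy syntax and not code from Computer Associates: a simplified Python model of the comparison described in Chapter 1, applied to the eTrust Antivirus attributes above. The sample policy (Realtime Monitor on, signatures updated within seven days, Action other than Report only), the dictionary layout, and DAT-Date as an already-parsed datetime are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Action codes for the Realtime scanner, as listed in this guide.
ACTIONS = {0: "Report only", 1: "Cure", 2: "Rename", 3: "Delete", 4: "Move"}


def decode_action(value):
    """Translate the hexadecimal Action string into its meaning."""
    if not re.fullmatch(r"[0-9A-Fa-f]{8}", value):
        raise ValueError("Action is not an 8-digit hexadecimal string: %r" % (value,))
    code = int(value, 16)
    if code not in ACTIONS:
        raise ValueError("Action code not listed in the guide: %s" % value)
    return ACTIONS[code]


def evaluate_posture(attrs, now, max_dat_age=timedelta(days=7)):
    """Return (decision, reasons) for one device's eTrust Antivirus attributes.

    Hypothetical sample policy; a real policy is defined in Cisco Secure ACS.
    """
    reasons = []
    if attrs.get("Protection-Enabled") != 1:
        reasons.append("Realtime Monitor is disabled")
    dat_date = attrs.get("DAT-Date")
    if dat_date is None:
        reasons.append("DAT-Date not reported")
    elif now - dat_date > max_dat_age:
        reasons.append("signatures last updated %d days ago" % (now - dat_date).days)
    try:
        if decode_action(str(attrs.get("Action", ""))) == "Report only":
            reasons.append("infected files are only reported")
    except ValueError as err:
        reasons.append(str(err))
    return ("remediation" if reasons else "full-access", reasons)


if __name__ == "__main__":
    # Constructed sample values, not captured from a real device.
    now = datetime(2005, 6, 15, 12, 0)
    sample = {"Software-Name": "eTrust Antivirus", "Software-ID": 1,
              "Protection-Enabled": 1, "DAT-Date": datetime(2005, 5, 1, 8, 30),
              "Action": "00000000"}
    print(evaluate_posture(sample, now))
```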
eTrust PestPatrol Anti-Spyware Attributes  
Cisco has defined eight standard NAC attributes for anti-spyware applications.  
The eTrust Agent for Cisco NAC supports the reporting of these eight  
anti-spyware attributes to the Cisco Secure ACS NAC database as follows:  
Software-Name  
The name of the product, either eTrust PestPatrol Corporate Edition or  
eTrust PestPatrol  
Software-ID  
The product ID as defined by Computer Associates: 2  
Version  
The product version number:  
eTrust PestPatrol Anti-Spyware: Version number of the file PestPatrol5.exe  
eTrust PestPatrol Anti-Spyware Corporate Edition: The ImagePath value from  
“HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PestPatrol Remote”,  
and ProductVersion from version information resource of ppRemoteService.exe  
Scan-Engine-Version  
The version number of the eTrust PestPatrol COM control ppctl.dll  
DAT-Version  
Currently 5.0.0.x, where x is the current sequence number of pploc.dat as  
indicated in lfinfo.dat  
DAT-Date  
The creation date and time extracted from the database header of pploc.dat  
Protection-Enabled  
Current status of Active Protection: 1 if enabled, 0 if disabled  
Action  
Currently an empty string  